From 0c790c6638b2da96fc10009ff2a0c04afdb1eb84 Mon Sep 17 00:00:00 2001
From: Koen Zandberg <koen@bergzand.net>
Date: Wed, 29 Aug 2018 00:27:09 +0200
Subject: [PATCH] gnrc_rpl: fix zeroing of RPL DIS fields

The code originally assumed that the location of the DIS struct is directly
after the ICMPv6 struct. This is not necessarily true when both structs
are individually allocated by pktbuf. This commit fixes this issue by
directly accessing the location of the DIS struct.
---
 sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c b/sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c
index 2e53e166b3..9924ba2e1a 100644
--- a/sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c
+++ b/sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c
@@ -314,7 +314,6 @@ void gnrc_rpl_send_DIS(gnrc_rpl_instance_t *inst, ipv6_addr_t *destination,
                        gnrc_rpl_internal_opt_t **options, size_t num_opts)
 {
     gnrc_pktsnip_t *pkt = NULL, *tmp;
-    icmpv6_hdr_t *icmp;
     gnrc_rpl_dis_t *dis;
 
     /* No options provided to be attached to the DIS, so we PadN 2 bytes */
@@ -358,6 +357,9 @@ void gnrc_rpl_send_DIS(gnrc_rpl_instance_t *inst, ipv6_addr_t *destination,
         return;
     }
     pkt = tmp;
+    dis = (gnrc_rpl_dis_t *)pkt->data;
+    dis->flags = 0;
+    dis->reserved = 0;
 
     if ((tmp = gnrc_icmpv6_build(pkt, ICMPV6_RPL_CTRL, GNRC_RPL_ICMPV6_CODE_DIS,
                                  sizeof(icmpv6_hdr_t))) == NULL) {
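Review bot: The added write through `dis` is only in bounds if the snip assigned to `pkt` just above was allocated with at least `sizeof(gnrc_rpl_dis_t)` bytes, and that allocation lies outside this hunk, so it cannot be confirmed from here. The cast is also position-dependent: once `gnrc_icmpv6_build()` succeeds and `pkt = tmp` runs again, `pkt->data` is the ICMPv6 header (as the removed `icmp = (icmpv6_hdr_t *)pkt->data;` shows), so moving these three lines later would reintroduce the write past the header snip. A comment above the cast would keep that invariant visible, e.g. `/* pkt is still the DIS snip here; zero its fields before gnrc_icmpv6_build() prepends the header */`. The body of gnrc_rpl_send_DIS starts and ends outside the hunk.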
@@ -366,12 +368,6 @@ void gnrc_rpl_send_DIS(gnrc_rpl_instance_t *inst, ipv6_addr_t *destination,
         return;
     }
     pkt = tmp;
-
-    icmp = (icmpv6_hdr_t *)pkt->data;
-    dis = (gnrc_rpl_dis_t *)(icmp + 1);
-    dis->flags = 0;
-    dis->reserved = 0;
-
 #ifdef MODULE_NETSTATS_RPL
     gnrc_rpl_netstats_tx_DIS(&gnrc_rpl_netstats, gnrc_pkt_len(pkt),
                              (destination && !ipv6_addr_is_multicast(destination)));
-- 
GitLab